CVE-2017-9307
- EPSS 0.89%
- Published 31.05.2017 04:29:00
- Last modified 13.05.2026 00:24:29
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.
CVE-2017-9249
- EPSS 0.68%
- Published 28.05.2017 20:29:00
- Last modified 13.05.2026 00:24:29
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be...
CVE-2017-9090
- EPSS 1.19%
- Published 19.05.2017 18:29:00
- Last modified 13.05.2026 00:24:29
reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha'].
CVE-2017-9091
- EPSS 1.19%
- Published 19.05.2017 18:29:00
- Last modified 13.05.2026 00:24:29
/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha'].
CVE-2017-8848
- EPSS 0.49%
- Published 08.05.2017 17:29:00
- Last modified 13.05.2026 00:24:29
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.
CVE-2017-8832
- EPSS 0.63%
- Published 08.05.2017 06:29:00
- Last modified 13.05.2026 00:24:29
Allen Disk 1.6 has XSS in the id parameter to downfile.php.